Users of computer systems acquire software applications from a variety of sources today. Whereas traditionally software was distributed by selling boxed software with optical or other disks on a retail store shelf, today users may download software applications from the Internet, install applications provided by one or more application stores or repositories (e.g., the Ubuntu Software Center and Mac App Store), receive applications via email, receive applications on a universal serial bus (USB) drive, and so forth. Software may still be purchased from a store, but has expanded from several well-known software companies to include many providers that may only make and sell one or two applications.
Malware and other harmful applications are increasingly problematic for computer users. Malware applications may steal or harm a user's data, make a computer system slower, steal processing resources and bandwidth for another user's purposes, or perform other harmful or undesired actions. A user traditionally has two methods for checking the safety of applications: 1) running an antivirus program that depends on matching signatures of known malware with software program code, and 2) developing a level of trust with the source of the software. In the former case, many applications that are not strictly malware may perform undesired actions or may be compromised in the future in a manner that antivirus software does not detect. Recently, software from a major software maker was criticized by many users for installing a rootkit that allowed unauthorized access to a computer system. Thus, neither antivirus software nor coming from a trusted source were sufficient to prevent the potential harm.
Users install many applications without sufficient information to know if the application is trustworthy. Software solves such a broad range of problems and there is a corresponding wide variety of applications that a user may identify as potentially being helpful that the user wants to install. After installation, the user may not know everything the application is doing to the user's system, and the user may be unaware if the behavior of the application changes over time. More help is needed to allow a user make an educated decision on whether or not to trust an application at installation time and upon subsequent sessions with the application.